Sitecore 10.2 Identity server Integration with Azure AD Login

 

Sitecore 10.2 Identity server Integration with Azure AD Login

Introduction: The objective of this document is to help the developer to integrate Sitecore identity server with Azure AD using the Sitecore out of box feature

This document is intended to configure Sitecore identity server to connect with Azure AD so that Azure AD users can login to the Sitecore CMS. In this approach Sitecore identity server will act as a federation gateway to external system. Azure AD is supported out of the box with Sitecore 10.2. The below image will give more clarity to the approach:


The whole Integration is divided into two sections:

1.     Azure Portal Configuration.

2.     Changes required in Sitecore Identity Server Configuration.

 

Azure Portal Configuration

The basic steps are as follows:

1.     Create a new Active Directory: Login to User Azure Portal and click create resources and search for active directory and select the one which is marked red as mentioned below in the screenshot:



 

Once you create the active directory, switch to that specific directory, In this document we named it SitecoreCMS. Once it gets created, it will look like the below image:



2.     Create a new group: Create a new group inside the newly created AD SitecoreCMS Directory. Click the group section which is highlighted in red as the image below:

 



Once you click, you will get the option to create a new group. Set the Group type as Security and Group Name as Sitecoreusers , see below for reference:

Uploading: 67785 of 67785 bytes uploaded.



Note - Once the group is created, capture the object id which is highlighted in red as in the below image. This object id will be used while configuring the identity server:



 

3.      Create New User: Create a user in the newly created active directory (SitecoreCMS)  as mentioned in the below image. While you create the users, go to the assignment tab and select the group which we have created in Step 2 (Sitecoreusers). The objective is to confine one type of users in one group which will be helpful when you assign a certain Sitecore role to a specific Group.

 



 

4.      APP Registration: Create an APP Registration inside the newly created SitecoreCMS AD. To create a new APP registration. Click the APP Registration button as mentioned below:



Note- After creating the new APP Registration, Capture the client id and tenant id which will be used while configuring Identity server. Identity server communicates to this newly created APP Registration using this id. See the image mentioned below.

 



Once created, go to the Authentication section present at the left and populate the Redirect URIS (type should be web), Front Channel Log out URL and the token type should be ID token as mentioned in the below screen shot:



Note. Red highlighted value is the identity sever hostname. Change this value based on your local setup.

Update this Manifest-Select the Manifest section of the newly create APP registration and set the value of groupMembershipClaim to SecurityGroup as mentioned in the below image:

 


 

Set Permission to the APP Registered to the Newly Create Active Directory (Sitecore CMS)

Click the link in the highlighted area mentioned in the image below in the Newly APP registered.



Once you click it, go the permission section and set the permission to admin in the  current active directory as mentioned below.



Assign groups or users to this APP registration: Go to the users and group section of this specific APP Registration (AzureADIntegration) and add the Users or Groups as mentioned in the below screenshot. By doing this, it means we are giving access to the group which we created inside SitecoreCMS active directory to this specific APP registration (AzureADIntegration)



 

           

 

 

 

 

 

Changes required in Sitecore Identity Server Configuration

Sitecore 10 has the out of box feature to get integrated with Azure AD. Go to the file system path of your hosted identity server.

“Sitecore.Plugin.IdentityProvider.AzureAd.xml “open this to edit.

C:\inetpub\wwwroot\demositecoreidentityserver.dev.local\sitecore\Sitecore.Plugin.IdentityProvider.AzureAd\Config



Parameters need to be updated:

·       Enabled: true

·       ClientID : This value is the client of the App Registered in step 4 .In  this document we are referring “AzureADIntegration” APP registered

·       TenantID : This value is the Tenant id  of the App Registered in step 4 .In  this document  we are referring to the “AzureADIntegration” APP registered.

 Note: Once these value are updated, restart the app pool of the identity server to reflect the changes.

 

 

 

 

Once this is done, we will be able to see the Azure login button as shown below.



These changes are not enough to get login, it will just show you the azure login button we need to update a few more parameters of the same file.

Parameters need to be updated:

·       AzureADUserToAdminUser: Un-comment this tag and place it after claimtransformation2 closing tag as mentioned in the image below:

 



Update the value of claim1 type “groups” in this tag with the object id we created in step 2 of group creation (Please see t he screenshot below for reference).  In the new claim type section, I made isadmin false intentionally to make this group act as content author.

 

 



 

 

·       AzureGroupTransformation: Uncomment this tag and place it after the AzureADUserToAdminUser closing tag.  Again, update the value of claim type groups with the object id of the group created in step 2 as in above image.

 



 

Note: Once these values are updated, restart the app pool of the identity server to reflect the changes.

Once you complete the above steps you will be able to login using Azure login button.

 


 

Note : Since I made this group to act as a content Author that’s the reason we are seeing this specific user is acting as content Author

 

 

Conclusion: In this blog I have integrated AzureAD with Sitecore identity server  so that a user   can  Login to Sitecore 10 CMS using AzureAD .

Comments

Post a Comment

Popular posts from this blog

Solrcloud With Zookeeper -Single server setup

Image
Getting Started with SolrCloud: A Beginner’s Guide for First-Time Users If you’ve been diving into search technology and stumbled across SolrCloud , you might think it’s just Apache Solr hosted in the cloud. That’s a common misconception—but SolrCloud is much more powerful than that. In this beginner-friendly guide, we’ll walk you through what SolrCloud actually is, why you might need it, and how to get it up and running on your local machine for development or testing.  What is SolrCloud (and Why Should You Care)? SolrCloud is the distributed, fault-tolerant, and scalable evolution of Apache Solr’s traditional architecture. While the original Solr relied on a master-slave model , SolrCloud is built for modern, large-scale applications that require high availability and real-time indexing.  Key Benefits of SolrCloud: High Availability : Replication ensures your data is always accessible—even if some nodes go down. Scalability : Easily add new nodes as your indexin...
Read more

Render Sitecore Experience Forms Using Sitecore XP 10.4 with a Headless Approach (Next.js + JSS SDK)

Image
  In this blog post, we’ll walk through rendering Sitecore Experience Forms using Sitecore XP 10.4 (Update 1) with a headless (Sitecore-first) approach , leveraging Next.js and Sitecore JSS SDK . This guide assumes you're using connected mode , where your frontend directly interacts with your Sitecore backend. Goal: Enable a fully functional Sitecore Experience Form to render and work within a headless Next.js application. đŸ§± Prerequisites Before getting started, ensure you have the following: Backend: ✅ Sitecore XP 10.4 Update-1 installed ✅ Sitecore Headless Rendering 22.0.0 package installed Frontend: ✅ Node.js and npm installed ✅ Visual Studio Code (or any preferred IDE) 🧭 Step 1: Set Up Sitecore for Headless Forms Since this is a Sitecore-first approach , we begin by configuring everything in Sitecore before moving to Next.js. 🔑 1. Create an API Key Go to Sitecore Content Editor Create a new API Key item (e.g., under /sitecore/system/Mo...
Read more

Next.js with XM Cloud EDGE and GraphQL

Image
  Building a Component with Next.js and GraphQL from Sitecore XM Cloud Edge — No JSS Required Goal: In this blog post, we’ll walk through how to create a simple component in Next.js that fetches data from Sitecore XM Cloud Experience Edge using GraphQL — without using any JSS libraries. đŸ§© What You’ll Need from Your Sitecore XM Cloud Instance Before we start coding, we’ll need a few pieces of information from your Sitecore project: 1. Edge Token and GraphQL Endpoint Log in to your Sitecore XM Cloud project. Select your environment. Go to the "Details" tab. At the bottom, you’ll see Live GraphQL IDE (Experience Edge) . Click "Generate Delivery API Token" — this gives you the Edge API token and the GraphQL endpoint URL. We’ll use this token later in our .env.local file. 🛠️ Project Setup: Next.js + GraphQL 1. Create a Next.js App      Run the following command to bootstrap your app: npx create-next-app@latest xmcloud 2. Install Gr...
Read more